selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] python/semanage/seobject: Fix listing boolean values
@ 2019-02-01 16:49 Vit Mojzis
  2019-02-06 21:10 ` Nicolas Iooss
  0 siblings, 1 reply; 2+ messages in thread
From: Vit Mojzis @ 2019-02-01 16:49 UTC (permalink / raw)
  To: selinux

Fix gathering boolean values by fixing always False if condition
(determining whether the values are listed from local store).

Fix listing boolean values by printing the correct values and not
forcing the use of security_get_boolean_active (which causes
crash when listing booleans that are not present in active policy).

Fixes:
    # dnf install selinux-policy-mls
    # cat > mypolicy.cil
    (boolean xyz false)

    # semodule -i mypolicy.cil -s mls

    # semanage boolean -l -S mls
    ...
    irssi_use_full_network         (off  ,  off)  Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
    mozilla_plugin_use_bluejeans   (off  ,  off)  Allow mozilla plugin to use Bluejeans.
    OSError: No such file or directory

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 python/semanage/seobject.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 556d3ba5..b31a90c1 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -2807,7 +2807,7 @@ class booleanRecords(semanageRecords):
             value = []
             name = semanage_bool_get_name(boolean)
             value.append(semanage_bool_get_value(boolean))
-            if self.modify_local and boolean in self.current_booleans:
+            if self.modify_local and name in self.current_booleans:
                 value.append(selinux.security_get_boolean_pending(name))
                 value.append(selinux.security_get_boolean_active(name))
             else:
@@ -2849,4 +2849,4 @@ class booleanRecords(semanageRecords):
             print("%-30s %s  %s %s\n" % (_("SELinux boolean"), _("State"), _("Default"), _("Description")))
         for k in sorted(ddict.keys()):
             if ddict[k]:
-                print("%-30s (%-5s,%5s)  %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k)))
+                print("%-30s (%-5s,%5s)  %s" % (k, on_off[ddict[k][2]], on_off[ddict[k][0]], self.get_desc(k)))
-- 
2.17.2


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] python/semanage/seobject: Fix listing boolean values
  2019-02-01 16:49 [PATCH] python/semanage/seobject: Fix listing boolean values Vit Mojzis
@ 2019-02-06 21:10 ` Nicolas Iooss
  0 siblings, 0 replies; 2+ messages in thread
From: Nicolas Iooss @ 2019-02-06 21:10 UTC (permalink / raw)
  To: Vit Mojzis; +Cc: selinux

On Fri, Feb 1, 2019 at 5:49 PM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> Fix gathering boolean values by fixing always False if condition
> (determining whether the values are listed from local store).
>
> Fix listing boolean values by printing the correct values and not
> forcing the use of security_get_boolean_active (which causes
> crash when listing booleans that are not present in active policy).
>
> Fixes:
>     # dnf install selinux-policy-mls
>     # cat > mypolicy.cil
>     (boolean xyz false)
>
>     # semodule -i mypolicy.cil -s mls
>
>     # semanage boolean -l -S mls
>     ...
>     irssi_use_full_network         (off  ,  off)  Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
>     mozilla_plugin_use_bluejeans   (off  ,  off)  Allow mozilla plugin to use Bluejeans.
>     OSError: No such file or directory
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

I confirm this fixes the issue and I merged this patch. Thanks!

Nicolas

> ---
>  python/semanage/seobject.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index 556d3ba5..b31a90c1 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2807,7 +2807,7 @@ class booleanRecords(semanageRecords):
>              value = []
>              name = semanage_bool_get_name(boolean)
>              value.append(semanage_bool_get_value(boolean))
> -            if self.modify_local and boolean in self.current_booleans:
> +            if self.modify_local and name in self.current_booleans:
>                  value.append(selinux.security_get_boolean_pending(name))
>                  value.append(selinux.security_get_boolean_active(name))
>              else:
> @@ -2849,4 +2849,4 @@ class booleanRecords(semanageRecords):
>              print("%-30s %s  %s %s\n" % (_("SELinux boolean"), _("State"), _("Default"), _("Description")))
>          for k in sorted(ddict.keys()):
>              if ddict[k]:
> -                print("%-30s (%-5s,%5s)  %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k)))
> +                print("%-30s (%-5s,%5s)  %s" % (k, on_off[ddict[k][2]], on_off[ddict[k][0]], self.get_desc(k)))
> --
> 2.17.2
>


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-02-06 21:10 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-01 16:49 [PATCH] python/semanage/seobject: Fix listing boolean values Vit Mojzis
2019-02-06 21:10 ` Nicolas Iooss

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).